The patch titled Subject: proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option has been removed from the -mm tree. Its filename was proc-instantiate-only-pids-that-we-can-ptrace-on-hidepid=4-mount-option.patch This patch was dropped because it was merged into mainline or a subsystem tree ------------------------------------------------------ From: Alexey Gladkov <gladkov.alexey@xxxxxxxxx> Subject: proc: instantiate only pids that we can ptrace on 'hidepid=4' mount option If "hidepid=4" mount option is set then do not instantiate pids that we can not ptrace. "hidepid=4" means that procfs should only contain pids that the caller can ptrace. Link: http://lkml.kernel.org/r/20200419141057.621356-4-gladkov.alexey@xxxxxxxxx Signed-off-by: Djalal Harouni <tixxdz@xxxxxxxxx> Signed-off-by: Alexey Gladkov <gladkov.alexey@xxxxxxxxx> Reviewed-by: Alexey Dobriyan <adobriyan@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Akinobu Mita <akinobu.mita@xxxxxxxxx> Cc: Alexander Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Andy Lutomirski <luto@xxxxxxxxxx> Cc: Daniel Micay <danielmicay@xxxxxxxxx> Cc: David Howells <dhowells@xxxxxxxxxx> Cc: "Dmitry V . Levin" <ldv@xxxxxxxxxxxx> Cc: "Eric W . Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Cc: Ingo Molnar <mingo@xxxxxxxxxx> Cc: "J . Bruce Fields" <bfields@xxxxxxxxxxxx> Cc: Jeff Layton <jlayton@xxxxxxxxxxxxxxx> Cc: Jonathan Corbet <corbet@xxxxxxx> Cc: Oleg Nesterov <oleg@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- fs/proc/base.c | 15 +++++++++++++++ fs/proc/root.c | 13 ++++++++++--- include/linux/proc_fs.h | 1 + 3 files changed, 26 insertions(+), 3 deletions(-) --- a/fs/proc/base.c~proc-instantiate-only-pids-that-we-can-ptrace-on-hidepid=4-mount-option +++ a/fs/proc/base.c @@ -701,6 +701,14 @@ static bool has_pid_permissions(struct p struct task_struct *task, int hide_pid_min) { + /* + * If 'hidpid' mount option is set force a ptrace check, + * we indicate that we are using a filesystem syscall + * by passing PTRACE_MODE_READ_FSCREDS + */ + if (fs_info->hide_pid == HIDEPID_NOT_PTRACEABLE) + return ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); + if (fs_info->hide_pid < hide_pid_min) return true; if (in_group_p(fs_info->pid_gid)) @@ -3331,7 +3339,14 @@ struct dentry *proc_pid_lookup(struct de if (!task) goto out; + /* Limit procfs to only ptraceable tasks */ + if (fs_info->hide_pid == HIDEPID_NOT_PTRACEABLE) { + if (!has_pid_permissions(fs_info, task, HIDEPID_NO_ACCESS)) + goto out_put_task; + } + result = proc_pid_instantiate(dentry, task, NULL); +out_put_task: put_task_struct(task); out: return result; --- a/fs/proc/root.c~proc-instantiate-only-pids-that-we-can-ptrace-on-hidepid=4-mount-option +++ a/fs/proc/root.c @@ -47,6 +47,14 @@ static const struct fs_parameter_spec pr {} }; +static inline int valid_hidepid(unsigned int value) +{ + return (value == HIDEPID_OFF || + value == HIDEPID_NO_ACCESS || + value == HIDEPID_INVISIBLE || + value == HIDEPID_NOT_PTRACEABLE); +} + static int proc_parse_param(struct fs_context *fc, struct fs_parameter *param) { struct proc_fs_context *ctx = fc->fs_private; @@ -63,10 +71,9 @@ static int proc_parse_param(struct fs_co break; case Opt_hidepid: + if (!valid_hidepid(result.uint_32)) + return invalf(fc, "proc: unknown value of hidepid.\n"); ctx->hidepid = result.uint_32; - if (ctx->hidepid < HIDEPID_OFF || - ctx->hidepid > HIDEPID_INVISIBLE) - return invalfc(fc, "hidepid value must be between 0 and 2.\n"); break; default: --- a/include/linux/proc_fs.h~proc-instantiate-only-pids-that-we-can-ptrace-on-hidepid=4-mount-option +++ a/include/linux/proc_fs.h @@ -47,6 +47,7 @@ enum { HIDEPID_OFF = 0, HIDEPID_NO_ACCESS = 1, HIDEPID_INVISIBLE = 2, + HIDEPID_NOT_PTRACEABLE = 4, /* Limit pids to only ptraceable pids */ }; struct proc_fs_info { _ Patches currently in -mm which might be from gladkov.alexey@xxxxxxxxx are